[57] ABSTRACT

A method and apparatus for providing a secure remote password graphic interface. In an embodiment of the invention, an improved password changer provides the capability to securely change a user's password at a remote location without the necessity of the user executing commands on the remote machine. A local graphic interface is provided for entry and initial validation of the user's proposed new password. Once validated, the user's login and password data are securely stored in temporary memory allocated during operation of the invention, and communication is initiated with the remote machine. All commands necessary to change the user's password at the remote machine are handled by an embodiment of the invention without the requirement of user intervention. The present invention improves remote password updating by eliminating the user's need to understand the command structure of the operating system running at the remote machine.

32 Claims, 11 Drawing Sheets 
METHOD AND APPARATUS FOR PROVIDING A SECURE REMOTE PASSWORD GRAPHIC INTERFACE

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The invention relates to the field of computer science, and, in particular, to a method and apparatus for providing a secure remote password graphic interface.

2. Background 

Users of computer systems of all sizes are typically assigned individual user accounts consisting of a user login name and a password. These accounts are not generally public accounts. Instead, these accounts are intended for a particular user's sole use. Within such an account, a user can keep data that is not generally made known to the rest of the computer system's users. For example, a user's account may contain sensitive or private data that the user wishes to remain confidential. Alternatively, a user may selectively grant access to the confidential data to a limited number of other users on the system.

Each user account typically has associated with it a login and a password. When a user wishes to access his or her account, the user provides the login to the computer system, typically by entering the login through a terminal. If the login is recognized by the computer system, the user is then prompted to provide the appropriate password associated with that particular login. The computer system then determines whether the password provided by the user matches the password of record for the login account. If the password matches, access is given. If the password does not match, access to the specified account is denied. By requiring users to provide a password to gain access to an account, unauthorized access to data (at least through generally available means) is prevented.

In certain distributed computer systems, a user working at one computer may need to access data that is resident on a remote computer. For example, if a user's computer contains data that is to be updated based on changes to a master database located at the remote computer, the user may access the remote computer. In a large client-server distributed database system, the master data may not be available to all users. Instead, authorization to access the data may be selectively managed so that some users can only access a portion of the data.

To efficiently manage each user's authorization level, a remote database computer may require each user to maintain a separate login account. For example, each user would be provided with an individual login account and password that must be provided to the remote computer before access to all or a portion of the remote computer's data is granted to the user.

To increase the level of security of each user's account, it is generally suggested that users change their passwords on a regular basis, and especially when they believe that the confidentiality of their password may have been compromised. To encourage users to change their passwords when needed, it is desired that the process for changing one's password not be burdensome for the user. Where users have difficulty changing their password, or where the process for changing the password requires special skill or training, users may choose to forgo changing their password. When this happens, the security of all of the data associated with a user's account may be compromised.

Although today a large number of people use computer software for business and personal applications, generally only a portion of these users have specialized knowledge of computer operating systems such as, for example, the UNIX™, NextStep™ or DOS™ operating systems. Computer applications are often written today with the unskilled user in mind. These applications present "user-friendly" interfaces to assist users in their computing tasks. For example, word processing and financial software packages often provide "graphic user interfaces" (GUIs) to the user to facilitate the input and output of data, and provide users with a means to invoke commands. These GUIs enable users to operate the software without the need for specialized computer training or a thorough knowledge of operating system syntax and commands.

In the distributed data processing example discussed above, it is possible that, although the user may be trained to understand and operate the operating system of the local computer and the computer software running at the local computer, the user may not understand the operating system of the remote computer. When the user wishes to change his or her password on the remote computer account, the user may be stymied by a lack of experience or knowledge concerning the operating system of the remote computer. Unable to figure out how to interact with the remote computer, the user may choose to not update or change his or her password. Alternatively, the user may ask a co-worker in the computer services or information systems department to change the password. Asking another to update or change a user's password may very well further compromise the security of the database system, since that person will know the user's password and could gain otherwise unauthorized access to the user's account.

For example, suppose that a user's remote account is located on a computer running under the UNIX operating system. As a command line driven operating system, some users who are familiar or comfortable only with GUI computer applications may have difficulty learning how to change their password on the remote UNIX system. Other users, although capable of learning how to invoke commands on a computer running the UNIX operating system, may decide that it is not worth the time and effort to learn the UNIX system just to change one's password, since changing passwords is not an action that a user performs every day.

It is therefore desirable to provide a mechanism through which users can easily update their passwords without having to learn the intricacies of computer operating systems.

SUMMARY OF THE PRESENT INVENTION 

An embodiment of the invention provides a method and apparatus for providing a secure remote password graphic interface for use on a computer system. Using an embodiment of the invention, a user's password may be easily and securely changed at a remote machine from the user's local machine.

In an embodiment of the invention, when a user wishes to change or update the password associated with the user's account, the user invokes a password changer program which displays a graphic user interface on the user's display. The user enters the user's login, current password, and proposed new password into fields displayed in the graphic user interface window. These values are not permanently stored in memory, but are stored in temporary memory allocated while the password changer program is running, and de-allocated after the password changer program is terminated.
Once the user's login and password information is entered, the proposed new password may be validated to ensure that it meets the password requirements of the remote computing system. Once the proposed password is locally validated, the password changer program initiates a connection with the remote machine, and initiates and completes the login and password changing procedures at the remote machine without further input or assistance from the user. In this way, the user's password is easily and securely updated at the remote machine without requiring the user to understand the operation of the operating system running at the remote machine.

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram illustrating a password changer graphic user interface for use with an embodiment of the invention.

FIG. 2 is a block diagram illustrating a password verification graphic user interface for use with an embodiment of the invention.

FIG. 3 is a block diagram showing the relationship between the local and remote machines in an embodiment of the invention.

FIG. 4 is a block diagram showing one computer system for use with an embodiment of the invention.

FIGS. 5A through 5G are flowcharts illustrating the process flow of an embodiment of the invention.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

A method and apparatus for providing a secure remote password graphic interface is described. In the following description, numerous specific details, such as UNIX commands and the physical specifics of the graphic interface, are described in order to provide a more thorough description of the invention. It will be apparent, however, to one skilled in the art, that the invention may be practiced without these specific details. In other instances, well-known features have not been described in detail in order not to unnecessarily obscure the invention.

An embodiment of the invention provides a mechanism for changing a user's password on a remote computer system without requiring a user to know how to use operating system-specific commands for the remote system. Using an embodiment of the invention, a user can invoke a password changing routine at the local station that provides a graphic user interface (GUI). The user enters the appropriate login, current password and new password for the remote computer system into fields in the password changer GUI. An embodiment of the invention determines if the new password meets all or some of the requirements of the remote system and, if so, communicates with the remote system to change the user's password.

An embodiment of the invention provides a secure means for remotely changing a user's password. None of the user's information is stored in a file or address at the local computer where it can be subsequently retrieved by unauthorized users. Instead, the user's login and password information is temporarily stored in a memory location specifically allocated at the time an embodiment of the invention is invoked. This memory is de-allocated at program termination, and the user's information is removed from temporary memory storage. Thus, once the user enters login and password information using an embodiment of the invention, increased security is provided against unauthorized access.
Computer System

An embodiment of the invention may be implemented on any conventional or general purpose computer system or computer based database system. An example of one embodiment of a computer system for implementing this invention is illustrated in FIG. 4. A keyboard 410 and mouse 411 are coupled to a bi-directional system bus 418. The keyboard and mouse are for introducing user input to the computer system and communicating that user input to central processing unit (CPU) 413. The computer system of FIG. 4 may also include a video memory 414, main memory 415 and mass storage 412, all coupled to bi-directional system bus 418 along with keyboard 410, mouse 411 and CPU 413. The mass storage 412 may include both fixed and removable media, such as magnetic, optical or magnetic optical storage systems or any other available mass storage technology. Bus 418 may contain, for example, thirty-two address lines for addressing video memory 414 or main memory 415. The system bus 418 also includes, for example, a 32-bit data bus for transferring data between and among the components, such as CPU 413, main memory 415, video memory 414 and mass storage 412. Alternatively, multiplexed data/address lines may be used instead of separate data and address lines.

In one embodiment of this invention, the CPU 413 is a 32-bit or 64-bit microprocessor. However, any other suitable microprocessor or microcomputer may be utilized. Main memory 415 is comprised of dynamic random access memory (DRAM). Video memory 414 is a dual-ported video random access memory. One port of the video memory 414 is coupled to video amplifier 416. At least 32 Mbytes of memory are used in the preferred embodiment. More or less memory may be used without departing from the scope of this invention. The video amplifier 416 is used to drive the cathode ray tube (CRT) raster monitor 417. Video amplifier 416 is well known in the art and may be implemented by any suitable means. This circuitry converts pixel data stored in video memory 414 to a raster signal suitable for use by monitor 417. Monitor 417 may be a type of monitor suitable for displaying textual and/or graphic images.

The computer system described above is for purposes of example only. An embodiment of the invention may be implemented in any type of computer system processing environment or on any hardware or combination of hardware, software and computer system.

Preferred Embodiment

The operation of one embodiment of the invention is shown in the series of flowcharts illustrated in FIGS. 5A through 5G. In the embodiment described below, the invention is used to change a user's password at a remote machine location. It will be readily apparent to those skilled in the art that embodiments of the invention are equally applicable to local applications as well. Also, although one embodiment of the invention is described in connection with the UNIX operating system, the invention will work equally well with other operating systems.

Starting in FIG. 5A, the operation of one embodiment of the invention is described. At step 5010, the user invokes the password changer program of the invention. This program may be written in software, or it may be hardwired into the local computer. Invocation of the password changer program by the user may be accomplished by a number of different methods depending upon the operating system running at the local computer. For example, the user could invoke the program by double clicking the cursor over the display icon of the password changer program, or by choosing the appropriate menu selection from a pull-down menu, or by selecting the name of the program from a list of applications provided by a dialog box displayed on the screen.

Once invoked, at step 5020 the password changer program displays a GUI dialog on the screen to facilitate entry of the user's login and password information. An example of a password changer GUI that may be used with the embodiment of the invention is shown in FIG. 1. The password changer window 110 may include an entry field 120 for a user's login, an entry field 130 for the user's current password, and an entry field 140 for the user's proposed new password. Each of these fields is configured to accept numeric, alphabetic or alphanumeric information.

Password changer window 110 may also contain other elements. For example, in FIG. 1, window 110 includes three graphic buttons: a set button 150, a quit button 160, and a help button 170. When a user wishes to activate any of these buttons, the user may position the screen cursor over the button of choice and indicate entry of that selection. For example, if the user wishes to view help information about the password changing process and procedure, the user may use the mouse to position the screen cursor over help button 170 and depress the mouse button to indicate that selection.

Returning to FIG. 5A, after the password changer GUI window 110 is displayed at step 5020, the process determines whether the user's home directory is available at step 5030. If it is available, then the home directory at the remote location is obtained at step 5040. If it is not available, then the default directory is obtained at step 5050. Either way, at step 5060 the directory information is displayed in field 120 of password changer window 110. For example, in FIG. 1, the login "John Smith" is displayed in field 120. Alternatively, field 120 may be left blank and the user may be required to enter this information.

If the user selects the quit button at step 5070, control of the process proceeds to step 5080 where the password changer window 110 is removed from the display. The password changer program is then terminated at step 5090 and the user's password is not changed.

If the user selects the help button at step 5100, the system displays help information at step 5110. At decision block 5120, the system waits until the user is finished with the help information before proceeding to decision block 5130.

At decision block 5130, the system determines if the user has indicated "set." This may be signified by the user depressing set button 150 in window 110, or by pressing the return key on the keyboard. If the user has not indicated set, then control returns to decision block 5070. If the user has indicated set, then the data entered in the login field 120, password field 130 and new password field 140 are stored in temporary memory at step 5140, and control proceeds to step 5150. This temporary memory is allocated at the time the password changer program is commenced, and in the preferred embodiment is de-allocated once the password changer program is terminated.

At step 5150, the system determines whether the login data entered by the user in field 120 is a valid user's login. If it is not a valid login, control proceeds to step 5160 where the appropriate error message is displayed. At step 5170, the user is directed to re-enter the login information in field 120, and control proceeds to step 5070.

If the user has entered a valid login, the user's new password is then validated through decision blocks 5180, 5220, 5230 and 5240. At decision block 5180, the new password is examined to see if it contains at least 6 characters. If it has 5 or fewer characters, control proceeds to step 5190, where the appropriate error message is displayed. At step 5200, the information previously entered in new password field 140 is deleted. Alternatively, the data in field 140 could be highlighted. At step 5210, the user is directed to re-enter the proposed new password, and control proceeds to step 5070.

If it is determined that the new password has at least 6 characters, control proceeds to decision block 5220, where it is determined whether the new password has at least two alphabetic characters. If the password does not meet this criterion, control proceeds to step 5190 and the user is directed to select an alternate new password. If the criterion at step 5220 is met, control proceeds to decision block 5230. At decision block 5230, the new password is examined to determine if it contains at least one numeric or "special" character (for example, a " " or character). If the password does not meet this criterion, control proceeds to step 5190 and the user is directed to select an alternate new password. If the criterion at step 5230 is met, control proceeds to decision block 5240.

At decision block 5240, the new password is examined to ensure that the new password and the old password differ in at least three places. If the new password does not meet this criterion, control proceeds to step 5190 and the user is directed to select an alternate new password. If the criterion at step 5240 is met, control proceeds to step 5250.

It will be obvious to one skilled in the art that the invention may be practiced without one or more of the password validation criteria described above. Also, these validation criteria may be amended without departing from the spirit and scope of the invention.
At step 5250, a password verification GUI window 210 is displayed. An example of such a window is shown in FIG. 2. Window 210 may include a verify new password field 220, a set button 230, and a cancel button 240. The user is directed to re-enter the proposed new password as a means of preventing mis-entry of the password. At decision block 5260, the system determines if the user has selected the cancel button. If the user has selected cancel, control proceeds to step 5270 where the password verification window 210 is removed from the display. Control then proceeds to step 5070.

If the user has not selected cancel at decision block 5260, the system next determines if the user has indicated set at decision block 5280. If the user has not indicated set, control returns to block 5260. Once the system determines that the user has selected the set button, then at step 5290 the verified new password entered in field 220 is stored, and password verification window 210 is removed from the display.

At decision block 5300 the new password is compared to the verified new password to see if they are identical. If they are not identical, an error message is displayed at step 5310, and the user is directed at step 5320 to re-enter the new password in field 140 in password changer window 110. Control proceeds to step 5070 to obtain this information from the user.
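The local checks of steps 5150 through 5300 (a valid login, the four password criteria of decision blocks 5180, 5220, 5230 and 5240, and the verify-field comparison of block 5300), written out as an added Python illustration; this is not code from the patent. The text does not define what makes a login "valid" or which characters count as "special", so the non-empty, no-whitespace login rule and the use of ASCII punctuation as the special set are assumptions, as is the position-by-position reading of "differ in at least three places". Each function returns the error text the GUI would show at step 5190 or 5310, or None when the check passes.

```python
import string
from typing import Optional

# Thresholds taken from decision blocks 5180, 5220 and 5240 of the text.
MIN_LENGTH = 6
MIN_ALPHA = 2
MIN_DIFFERING_POSITIONS = 3
# Assumption: the "special" characters of block 5230 are ASCII punctuation.
SPECIAL = set(string.punctuation)


def login_error(login: str) -> Optional[str]:
    """Step 5150. Assumption: a login is valid when it is non-empty and
    contains no whitespace; the text leaves the real rule to the remote system."""
    if not login or any(c.isspace() for c in login):
        return "login must be non-empty and contain no spaces"
    return None


def positions_differing(old: str, new: str) -> int:
    """Block 5240 reading: compare character by character; a position that
    exists in only one of the two strings counts as a difference."""
    common = min(len(old), len(new))
    changed = sum(1 for a, b in zip(old[:common], new[:common]) if a != b)
    return changed + abs(len(old) - len(new))


def password_error(current: str, new: str) -> Optional[str]:
    """Decision blocks 5180, 5220, 5230 and 5240, in the order the text gives them."""
    if len(new) < MIN_LENGTH:                                           # 5180
        return f"new password must contain at least {MIN_LENGTH} characters"
    if sum(1 for c in new if c.isalpha()) < MIN_ALPHA:                  # 5220
        return f"new password must contain at least {MIN_ALPHA} alphabetic characters"
    if not any(c.isdigit() or c in SPECIAL for c in new):              # 5230
        return "new password must contain at least one numeric or special character"
    if positions_differing(current, new) < MIN_DIFFERING_POSITIONS:    # 5240
        return (f"new password must differ from the current password in at least "
                f"{MIN_DIFFERING_POSITIONS} places")
    return None


def local_checks(login: str, current: str, new: str, verify: str) -> Optional[str]:
    """Steps 5150 through 5300: login, then the four criteria, then the value
    re-entered in field 220 of window 210 must match the new password exactly."""
    err = login_error(login) or password_error(current, new)
    if err:
        return err
    if verify != new:                                                   # 5300
        return "new password and verification do not match"
    return None


if __name__ == "__main__":
    # Constructed inputs; only the last case passes every check.
    for args in [("jsmith", "oldpass1", "short", "short"),
                 ("jsmith", "oldpass1", "oldpass2", "oldpass2"),
                 ("jsmith", "oldpass1", "n3wPa$$word", "n3wPa$$wor"),
                 ("jsmith", "oldpass1", "n3wPa$$word", "n3wPa$$word")]:
        print(args[2], "->", local_checks(*args) or "ok")
```

Running the checks in this order reproduces the flow of FIGS. 5A through 5G: the first failing criterion is reported and the user is returned to the entry window, and the verify field is only consulted once the proposed password has passed the policy.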

If the new password is identical to the verified new password, control proceeds to block 5330. At this step, the password changer spawns a remote login process with the remote computer. In a preferred embodiment of the invention, the login process is spawned by using the expect program written by Don Libes, and described in "expect: Curing Those Uncontrollable Fits of Interaction," Proceedings of the Summer 1990 USENIX Conference, Anaheim, Calif., Jun. 1990, and "Using expect to Automate System Administration Tasks," Proceedings of the Fourth USENIX Large Installation Systems Administration (LISA) Conference, Colorado Springs, Colo., Oct. 17-19, 1990. expect is an interpretive program capable of controlling interactive communications with UNIX programs. By interposing itself between the user and a UNIX process, expect can be directed to run interactive programs without user intervention. expect has several commands that are used to control the communication process. For example, the spawn command directs expect to run an interactive program or process. Additional data may be passed as arguments to the spawn command. These arguments would be passed on to the spawned process.

5,793,952 (page 7; 05/04/2004, EAST Version: 1.4.1)

Another command is the expect command. One or more patterns may be passed in the expect command. This command monitors the output from the spawned process, and watches for the pattern or patterns to appear. Once a pattern is identified in the output of the spawned process, additional arguments provide specific actions to execute. If no action is provided, the command pauses the execution of the program until the pattern appears.

Those skilled in the art are readily aware of and familiar with the command structure and operation of the expect program library. Therefore, these commands are not explained in detail. Additionally, the invention may be practiced with any program capable of initiating and controlling communications between remote processes without user intervention.

Returning to the flow diagrams of FIGS. 5A through 5G, at block 5330 a login process is spawned with the remote host. This is illustrated in FIG. 3. Once the login and password information has been entered into the fields of the password changer window 110 at local machine 310, and the proposed new password has been validated (if required), expect is used to spawn a remote login process. For example, by invoking the spawn command included in expect library 330, a pseudo-tty (ptty) 340 can be created at local machine 310. Ptty 340 could be, for example, a telnet session for communicating with the remote machine 320. The telnet command opens up a connection with the remote computer. Once a connection is established, telnet enters an input mode where text typed from the local machine is sent to the remote machine. The operation and use of the telnet command is well known for establishing a connection with a remote host computer. Alternatively, at block 5330 a login process may be spawned using other remote communication protocols or commands, such as, for example, the UNIX rlogin command. Because these commands are well known to those skilled in the art, the details of the commands need not be explained in detail here.

Once a connection is opened between local machine 310 and remote machine 320, control proceeds to decision block 5340, where the process monitors the output from the remote machine, and waits for the appropriate login prompt. In the preferred embodiment, this is accomplished by invoking the expect command from the expect library 330. In the preferred embodiment, at block 5340 the process waits for the output of the process running at the remote machine to match the "login:" pattern of the UNIX system. Other login patterns may be used depending upon the particular login prompt of the remote machine without deviating from the invention.

If no login prompt is found, then the system determines if the login process has "timed out" at block 5360. If the local machine has difficulty connecting to the remote machine, a login prompt may never appear, and the system might otherwise become stuck waiting for the prompt. By limiting the login process to a pre-determined time period (such as 15 seconds), the process can proceed even if no connection is ever established. At block 5360, if the login process has timed out, control proceeds to step 5350 where the attempted login process is closed and the appropriate error message is sent to the user. Control then returns to block 5070 where the user may be asked if another attempt should be made to reconnect to the remote machine to change the password.

Alternatively, the system could be designed such that, when the login process has timed out, the current login process is closed and another login attempt is spawned at block 5330. Control could continue in this manner through a finite number of iterations until login is successful. If ptty 340 in FIG. 3 is unable to log in to remote machine 320 after several attempts, the user could be notified of this status, and the password changer program could be terminated without changing the user's password.

If no time out is detected, control returns to block 5340 to check for the login prompt. Once a login prompt is detected, the system sends the user's login to the remote machine at block 5370. This login is identical to the login entered in field 120 in password changer window 110 in FIG. 1.

Once the user's login has been sent, the system again waits for either a time out at block 5380 or the appropriate password prompt at block 5390. At block 5380, if a time out has occurred, the login process is closed at block 5350, and an error message is sent to the user informing the user of the local machine's inability to secure a completed login at the remote machine. Alternatively, control could return to block 5330 where a new login process would be initiated at ptty 340.

If no time out is detected at block 5380, the system checks to see if the remote machine has returned a password prompt. In the preferred embodiment this may be accomplished by invoking an expect command that waits for the appropriate string from the remote machine that would signify the password prompt. For example, the expect command can be directed to wait for an output string containing a "Password:" pattern. Depending upon the particular operating system running at the remote machine, different password prompt patterns may be used.

If no password prompt is detected in the output stream, control returns to block 5380 to determine whether the login time out threshold has been exceeded. Once a password prompt is detected at block 5390, the system sends the user's password to the remote machine at step 5400. Since the user's password has not yet been changed, the user's current password, as entered in field 130 in the password changer window 110, is sent to the remote machine.

The invention protects the user's login and password at the local machine because at no time is this data stored permanently, such as in a file. Instead, the user's login and password are passed to the remote machine as program variables. These variables are temporarily stored in memory that is allocated at the local machine while the password changer program is executing. Once execution of the password changer program is completed, this memory is de-allocated and the user's login and password are deleted from memory. By relying upon the UNIX system password storage at the remote system, in the preferred embodiment the invention is able to provide a user-friendly interface without compromising password security.

Once the user's login and password have been sent to the remote machine, the login/password time out threshold is checked at block 5410 to see if it has been exceeded. If the time out threshold has been exceeded, the login process is closed at step 5420, and the user receives an error message concerning the status. Control proceeds to block 5070.

If the time out threshold has not been exceeded at block
5410, the system then waits to see if the remote machine has
rejected the login attempt at block 5430. In the preferred
embodiment, a rejected login attempt is detected by invoking
an expect command and searching for the string "incorrect"
in the remote machine output stream. However, other methods
of detecting a rejected login attempt may be used without
departing from the scope of the invention.

If at block 5430 it is determined that the login attempt
failed (because, for example, the password is incorrect), then
the login process is closed and the user is notified of the
login failure at step 5420. If the login attempt did not fail,
then at block 5440 the output stream of the remote machine
is evaluated to determine whether the remote machine is
instructing the user to change his or her password. In some
computer systems, the user is prompted at regular intervals
to change the user's password. This is typically done to
reduce or eliminate the number of old or "stale" passwords
in the system.

In the preferred embodiment, at block 5440 an expect
command is invoked to search for the string "Choose a new
password." in the output stream of the remote machine. If
this string is detected, control proceeds to block 5460. If this
string is not detected, a request is sent to the host to change
the user's password at block 5450. In the preferred
embodiment, using expect, the UNIX command "passwd"
is sent to the host. In the preferred embodiment, this is
accomplished by having ptty 340 invoke remote password
process 350 at remote machine 320, as shown in FIG. 3. The
passwd command is used in some UNIX systems to change
or install a password associated with the user's login account
name. When changing a user's password, passwd prompts
for both the current and new password. The user must supply
both of these passwords, and typically the new password
must be entered twice to verify the change and to forestall
mistakes. If the password entries do not match, the new
password is rejected and passwd terminates.

If password aging has been enabled, then the system
checks the user's current password to see if it has "aged"
sufficiently. Password aging is the amount of time (usually
a certain number of days) that must elapse before the user is
allowed to choose a new password. If the old password has
not sufficiently aged, the new password is rejected and
passwd terminates.

Once the host system has indicated that it is time for the
user to change passwords (or, alternatively, a request is sent
to the host), then at block 5460 the process checks to see if
the change password process has timed out. If the time out
threshold has been exceeded, control passes to block 5420,
the login process is terminated and an appropriate error
message is displayed to the user.

If the time out threshold is not exceeded, control passes to
decision block 5470, where the output stream of the remote
host computer is monitored to see if the remote machine is
prompting for entry of the user's old (or current) password.
An expect command is used in the preferred embodiment to
determine the presence of such a prompt. For example, an
expect command may be used to search for the phrase "Old
password:" in the output stream. If this pattern is not located,
then control returns to block 5460 to see if the process has
timed out.

If the old password prompt is detected, then the current
password is sent to the remote computer at block 5480. The
user's current password, as entered in field 130 in the
password changer window 110, may be sent to the remote
machine using the send command from the expect library, or
by any other method generally known in the art.

Once the user's current password is sent, then at block
5490 the output stream of the remote machine is monitored
to determine if the remote machine considers the current
password valid. To determine if the remote machine considers
the current password invalid, an expect command may be used
to watch for the appropriate word or phrase indicative of
password failure, such as, for example, the word "Sorry." If
it is determined that the current password is invalid, control
passes to block 5420, the login process is closed, and an
error message is sent to the user.

At decision block 5500, the system determines whether
the remote machine has indicated a prompt for the proposed
new password. An expect command may be used to determine
if the new password prompt is present in the output
stream. For example, an expect command may be used to
search for the pattern "New password:" in the output stream.
If the host machine is not prompting for entry of the new
password, control remains at block 5500. After the new
password prompt is recognized in the output stream, the
user's new password, as entered in field 140 in the password
changer window 100, is sent to the remote machine at block
5510.

The remote machine may then perform validation checks
on the proposed new password. An embodiment of the
invention may also perform similar validation checks on the
user's proposed new password so that validation errors in
the new password may be anticipated and corrected before
a remote communication is established with the remote
machine. If designed with the remote machine's validation
scheme in mind, this "local" validation should ensure that
the user's proposed new password also passes the remote
machine's validation process. Alternatively, an embodiment
of the invention can be practiced without performing local
validation, or without performing any password validation at
all.

In the typical UNIX operating system, new passwords are
checked to determine if they are too long or too short (blocks
5520 and 5540), have at least two alphabetic characters and
at least one numeric or special character (block 5550),
and/or differ from the old password by at least three
characters (block 5560). An expect command may be used
to monitor the output stream of the remote machine to locate
the appropriate string indicating failure of any of these
validation checks. For example, the expect command could
be invoked to search for the patterns "Password is too
short," "Password is too long," "at least two alphabetic," or
"Passwords must differ by at least 3." If any of these patterns
are located, control passes to block 5530 where the login
process is terminated and the user is notified of the error.

The output stream is also monitored to determine if the
new password meets all of the validation requirements of the
remote machine. If the new password is acceptable, the
remote machine will ask the user to re-enter the new
password to verify its spelling. Thus, at block 5570 the
output stream of the remote machine is searched for an
indication that the remote machine is requesting verification.
For example, an expect command may be invoked to search
for the pattern "new password:" in the output stream. If the
invention does not locate a verification prompt, control
returns to block 5520 to see if any other validation related
prompt has been sent by the remote machine.

If the output stream contains a verification request, control
passes to block 5580 and the new password is resent to
the remote machine. The process then checks to see if the
remote machine has indicated acceptance of the new password
at block 5590. This is typically indicated in UNIX by
returning the command prompt to the display. If no command
prompt is located in the output stream after verification
of the new password, then control proceeds to block
5600 where the login process is closed and the user is
notified that the user's password was not changed. If the host
indicates that the password change is successful at block
5590, the login process is terminated at block 5610.
Termination of the login process may be accomplished, for
example, by sending an "exit" command to the remote
machine using the expect library commands.

Once the login process is terminated, the user is notified
that the password change was successful at block 5620. At
block 5630, the change password GUI window 110 is
closed. The password changing process is then successfully
terminated at step 5640.
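The dialogue of blocks 5430 through 5610, as an added example that is not part of the patent or of any implementation of it: the local pre-validation the description recommends, followed by an expect-style driver run over constructed transcripts of a remote passwd session. The 6 to 8 character length limits, the "$ " shell prompt and the transcripts are assumptions, not taken from the patent.

```python
# Added example: local pre-validation plus an expect-style driver for the
# remote passwd dialog (blocks 5430-5610). Limits and "$ " prompt are assumed.
MIN_LEN, MAX_LEN = 6, 8   # assumed limits behind "too short" / "too long"
FAILURES = ("Password is too short", "Password is too long",
            "at least two alphabetic", "Passwords must differ by at least 3")


def validate_locally(old, new):
    """Mirror the remote checks of blocks 5520-5560 before any connection is
    opened; returns the failure strings passwd would print (empty = OK)."""
    errors = []
    if len(new) < MIN_LEN:
        errors.append(FAILURES[0])
    if len(new) > MAX_LEN:
        errors.append(FAILURES[1])
    alpha = sum(c.isalpha() for c in new)
    if alpha < 2 or alpha == len(new):          # two letters and one non-letter
        errors.append(FAILURES[2])
    differ = sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))
    if differ < 3:
        errors.append(FAILURES[3])
    return errors


def change_password(chunks, login, old, new, shell_prompt="$ "):
    """Drive the dialog over `chunks`, an iterable of remote output pieces.
    Returns (lines sent, status); an exhausted stream stands in for the
    time-out threshold of blocks 5410/5460."""
    stream, sent = iter(chunks), []

    def expect(*patterns):          # first listed pattern found in a chunk wins
        for out in stream:
            for p in patterns:
                if p in out:
                    return p
        return None                 # stream exhausted: treat as a time-out

    sent += [login, old]                                   # log in
    hit = expect("incorrect", "Choose a new password.", shell_prompt)
    if hit is None:
        return sent, "timed_out"
    if hit == "incorrect":                                 # block 5430 -> 5420
        return sent, "login_rejected"
    if hit == shell_prompt:                                # block 5440 -> 5450
        sent.append("passwd")
    if expect("Old password:") is None:                    # blocks 5460/5470
        return sent, "timed_out"
    sent.append(old)                                       # block 5480
    hit = expect("Sorry", "New password:")                 # blocks 5490/5500
    if hit != "New password:":
        return sent, "current_password_invalid" if hit else "timed_out"
    sent.append(new)                                       # block 5510
    hit = expect(*FAILURES, "new password:")               # blocks 5520-5570
    if hit is None or hit in FAILURES:                     # block 5530
        return sent, "timed_out" if hit is None else "rejected: " + hit
    sent.append(new)                                       # block 5580 (re-enter)
    if expect(shell_prompt) is None:                       # block 5590 -> 5600
        return sent, "not_changed"
    sent.append("exit")                                    # block 5610
    return sent, "changed"
```

Each chunk stands for one expect match on the remote output stream; a real driver would read the pseudo-terminal with a timeout instead of iterating a list.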

Thus, a method and apparatus has been described in 
conjunction with one or more specific embodiments. The 
invention is defined by the claims and their full scope of 
equivalents. 

I claim: 

1. A method implemented by a computer for updating a
password, said method comprising the steps of:

prompting a user to enter user information at a local
machine, said user information comprising user identification
information, old password information, and
new password information;

receiving said user information;

after receiving said user information, spawning a communication
process at said local machine, said communication
process:

establishing communication with a remote machine via
a communications network coupled to said local
machine;

transmitting a first portion of said user information
comprising said user identification information to
said remote machine via said communications network;

awaiting receipt of first responsive information from
said remote machine via said communications network;

transmitting a second portion of said user information
comprising said old password information to said
remote machine via said communications network
only upon receipt of said first responsive information;

awaiting receipt of second responsive information from
said remote machine via said communications network;

transmitting a third portion of said user information
comprising said new password information to said
remote machine via said communications network
only upon receipt of said second responsive information;

awaiting receipt of third responsive information from
said remote machine via said communications network.

2. The method of claim 1 wherein said prompting said
user to enter user information comprises displaying a
graphic interface for receiving said user information.

3. The method of claim 2 wherein said new password
information is validated, according to a first set of validation
criteria, at said local machine before said spawning of said
communication process.

4. The method of claim 3 wherein said new password
information is stored at said local machine after validation.

5. The method of claim 3 wherein said new password
information is stored in a temporary memory area at said
local machine after validation.

6. The method of claim 5 wherein said temporary memory
area is de-allocated at said local machine upon receipt of
said third responsive information.

7. The method of claim 2 wherein said user identification
information and old password information are transmitted
from said local machine to said remote machine using at
least one of a first set of commands.

8. The method of claim 7, wherein said first responsive
information comprises an indication that said local machine
is successfully connected to a user's account at said remote
machine.

9. The method of claim 8 wherein said receiving of said
first responsive information is accomplished using an expect
command.

10. The method of claim 8 wherein said communication
process transmits a request to update said password after
receipt of said first responsive information.

11. The method of claim 10 wherein said third responsive
information comprises an indication that said password was
either successfully or unsuccessfully updated.

12. The method of claim 10 wherein said transmitting of
said request to update said user's password is accomplished
using a password command.

13. The method of claim 2 wherein said graphic interface
includes fields for entering said user identification
information, old password information and new password
information.

14. An article of manufacture comprising:

a computer usable medium having computer readable
program code embodied therein for updating a
password, said computer readable program code comprising:

computer readable program code configured to cause
said local computer to prompt a user to enter user
information at said local machine, said user information
comprising user identification information,
old password information, and new password information;

computer readable program code configured to cause said
local computer to receive said user information;

computer readable program code configured to cause said
local computer, after receiving said user information, to
spawn a communication process at said local machine,
said communication process:

establishing communication with a remote machine
over a communications network coupled to said local
machine;

transmitting a first portion of said user information
comprising said user identification information to
said remote machine via said communications network;

awaiting receipt of first responsive information from
said remote machine via said communications network;

transmitting a second portion of said user information
comprising said old password information to said
remote machine via said communications network
only upon receipt of said first responsive information;

awaiting receipt of second responsive information from
said remote machine via said communications network;

transmitting a third portion of said user information
comprising said new password information to said
remote machine via said communications network
only upon receipt of said second responsive information;

awaiting receipt of third responsive information from
said remote machine via said communications network.

15. The article of manufacture of claim 14 wherein said
computer readable program code for prompting said user to
enter user information comprises computer readable program
code to cause said local computer to display a graphic
interface for receiving said user information.

16. The article of manufacture of claim 15 comprising
computer readable program code configured to cause said
local machine to validate said new password information,
according to a first set of validation criteria, at said local
machine before said communication is spawned.

17. The article of manufacture of claim 16 comprising
computer readable program code configured to cause said
local machine to store said new password information in a
temporary memory area at said local machine after validation.

18. The article of manufacture of claim 17 comprising
computer readable program code configured to cause said
local machine to de-allocate said temporary memory area
upon receipt of said third responsive information.

19. The article of manufacture of claim 15 comprising
computer readable program code configured to cause said
local machine to accomplish transmission of said user
identification information and old password information
over a network using at least one of a first set of commands.

20. The article of manufacture of claim 19 wherein said first
responsive information comprises an indication that said
local machine is successfully connected to a user's account.

21. The article of manufacture of claim 20 comprising
computer readable program code configured to cause said
local machine to transmit a request to update said password
after receipt of said first responsive information.

22. The article of manufacture of claim 21 wherein said
third responsive information comprises an indication that
said password was either successfully or unsuccessfully
updated.

23. An apparatus for updating a password, comprising:

a local machine, said local machine spawning a communication
process at said local machine after entry of
user information comprising user identification
information, old password information, and new password
information at said local machine, said communication
process:

establishing communication with a remote machine over
a communications network coupled to said local
machine;

transmitting a first portion of said user information
comprising said user identification information to said
remote machine via said communications network;

awaiting receipt of first responsive information from said
remote machine via said communications network;

transmitting a second portion of said user information
comprising said old password information to said
remote machine via said communications network only
upon receipt of said first responsive information;

awaiting receipt of second responsive information from
said remote machine via said communications network;

transmitting a third portion of said user information
comprising said new password information to said
remote machine via said communications network only
upon receipt of said second responsive information;

awaiting receipt of third responsive information from said
remote machine via said communications network.

24. The apparatus of claim 23 wherein said user information
is entered in a graphic interface.

25. The apparatus of claim 24 wherein said graphic
interface comprises fields for entering said user identification
information, old password information and new password
information.

26. The apparatus of claim 24 wherein said new password
information is validated according to a first set of validation
criteria.

27. The apparatus of claim 26 wherein said new password
information is stored in a temporary memory area at said
local machine after validation.

28. The apparatus of claim 27 wherein said temporary
memory area is de-allocated at said local machine upon
receipt of said third responsive information.

29. The apparatus of claim 27 wherein said user identification
information and old password information are transmitted
using at least one of a first set of commands.

30. The apparatus of claim 29 wherein said first responsive
information comprises an indication that said local
machine is successfully connected to a user's account.

31. The apparatus of claim 30 wherein said communication
process transmits a request to update said password
after receipt of said first responsive information.

32. The apparatus of claim 31 wherein said third responsive
information comprises an indication that said password
was either successfully or unsuccessfully updated.